FortiSIEM Discovering Amazon Web Services (AWS) Infrastructure

Discovering Amazon Web Services (AWS) Infrastructure

Discovering infrastructure in AWS follows the same basic process described in Setting Access Credentials for Device Discovery and Discovering Devices, but requires a different approach to associating credentials to IP addresses, since AWS uses dynamic, rather than static, IP address assignment. The generic AWS SDK credential is used to discover Amazon Machine Instances (AMIs) and associated information such as host name, instance ID, and instance state, while credentials for generic versions of WMI, SMTP, and other access protocols are used to discover associated devices as you would for any other discovery process.

Setting Access Credentials for AWS Instances

If you have not already configured Access Keys and permissions on AWS, please follow the steps outlined in AWS Access Key IAM Permissions and IAM Policies.

Associating the AWS Host with Credentials

After you’ve defined all the credentials associated with the access protocols used by devices in your AWS instance, you need to associate those credentials to the AWS host. In other deployment configurations, you would associate credentials with IP addresses corresponding to your device locations, but since AWS uses dynamic IP addressing, you need to associate all your credentials to the same host.

Under Enter IP Range to Credential Associations, click Add.

For IP/Host Name, enter com.

Click +, and add the AWS SDK credential, as well as any other generic credentials you’ve created.

Click OK.

Click Test Connectivity to make sure you can reach your instance and that all credentials are entered correctly before you initiate discovery.

Both the connectivity test and the discovery process will try to connect to the Amazon instances first, and from there will try to connect to the private IPs of discovered instances using the other access protocols.

You can now initiate discovery of your instances and associated devices as described in Discovering Devices, but for Discovery Type, select AWS Scan.

If discovery is successful, your discovered instances and devices will be added to Admin > Setup wizard > Monitor Change/Performance, and in CMDB > Devices, you will see an Amazon EC2 directory, which will include your discovered instances. If you have defined other access credentials, the discovered devices will also appear in that directory, as well as under CMDB > Server. You can query these devices from either directory.
